To display current resource usage in the switch, enter the following command:
Syntax:
show <qos | access-list | openflow | policy> resources
Displays the resource usage of the policy enforcement engine on the switch by software feature. For each type of resource, the amount still available and the amount used by each software feature is shown.
This output allows you to view current resource usage and, if necessary, prioritize and reconfigure software features to free resources reserved for less important features.
The qos, access-list, openflow, and policy options display the same command output and provide different ways to access task-specific information.
NOTE: See “Viewing OpenFlow Resources” in the OpenFlow Administrators Guide for your switch.
The example "Displaying current resource usage" shows the resource usage on a switch configured for ACLs, QoS, RADIUS-based authentication, and other features.
The "Rules Used" columns show that ACLs, VT, mirroring, and other features (for example, Management VLAN) have been configured globally or per-VLAN, because identical resource consumption is displayed for each port range in the switch. If ACLs were configured per-port, the number of rules used in each port range would be different.
Displaying current resource usage
HP Switch(config)# show access-list resources

 Resource usage in Policy Enforcement Engine

       |    Rules    |    Rules Used
 Ports |  Available  | ACL | QoS | IDM | Other |
 ------+-------------+-----+-----+-----+-------|
 1-48  |    2006     |  10 |   5 |   0 |     6 |

       |   Meters    |    Meters Used
 Ports |  Available  | ACL | QoS | IDM | Other |
 ------+-------------+-----+-----+-----+-------|
 1-48  |     255     |     |   5 |     |     0 |

       | Application |
       | Port Ranges | Application Port Ranges Used
 Ports |  Available  | ACL | QoS | IDM | Other |
 ------+-------------+-----+-----+-----+-------|
 1-48  |      31     |   1 |   0 |   0 |     0 |

 2 of 16 Policy Engine management resources used.

 Key:
 ACL = Access Control Lists
 QoS = Device & Application Port Priority
 IDM = Identity Driven Management
 Other = Management VLAN, DHCP Snooping, ARP Protection, RA Guard.

 Resource usage includes resources actually in use, or reserved for future
 use by the listed feature. Internal dedicated-purpose resources, such as
 port bandwidth limits or VLAN QoS priority, are not included.
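Because fully subscribed resources stop the switch from accepting new RADIUS-based client sessions and from applying changed ACLs, it is worth checking this output automatically. The following parser is an added example, not code from the switch documentation; it assumes the command output has already been captured as text, and the function names and the min_free threshold are hypothetical.

```python
import re

# Constructed sample in the layout of the output above; the values are made up.
SAMPLE = """\
 Resource usage in Policy Enforcement Engine

       |    Rules    |    Rules Used
 Ports |  Available  | ACL | QoS | IDM | Other |
 ------+-------------+-----+-----+-----+-------|
 1-24  |    2006     |  10 |   5 |   0 |     6 |
 25-48 |      40     | 900 |   5 |1070 |     6 |

       |   Meters    |    Meters Used
 Ports |  Available  | ACL | QoS | IDM | Other |
 ------+-------------+-----+-----+-----+-------|
 1-24  |     255     |     |   5 |     |     0 |
 25-48 |       0     |     | 255 |     |     0 |
"""

FEATURES = ("ACL", "QoS", "IDM", "Other")
SECTION = re.compile(r"\|\s*([A-Za-z ]+?)\s+Used\s*$")   # "... | Rules Used"
ROW = re.compile(r"^\s*([0-9A-Za-z]+(?:-[0-9A-Za-z]+)?)\s*\|(.+)$")


def parse_resources(text):
    """Return one dict per (resource type, port range) row of the output."""
    rows, resource = [], None
    for line in text.splitlines():
        section = SECTION.search(line)
        if section:
            resource = section.group(1)
            continue
        row = ROW.match(line)
        if not row or resource is None:
            continue
        cells = [c.strip() for c in row.group(2).strip().rstrip("|").split("|")]
        if len(cells) != 5 or any(c and not c.isdigit() for c in cells):
            continue  # header row or anything that is not a data row
        nums = [int(c) if c else 0 for c in cells]  # blank cell counted as 0
        rows.append({"resource": resource, "ports": row.group(1),
                     "available": nums[0], "used": dict(zip(FEATURES, nums[1:]))})
    return rows


def low_headroom(rows, min_free=50):
    """Rows with fewer than min_free entries available (hypothetical threshold)."""
    return [(r["resource"], r["ports"], r["available"],
             max(r["used"], key=r["used"].get))  # feature using the most
            for r in rows if r["available"] < min_free]
```

Calling low_headroom(parse_resources(SAMPLE)) reports the port ranges that are close to or at full subscription, together with the feature holding the most entries there.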
The switch allows you to view information about the current usage and availability of resources in the Policy Enforcement engine, including the following software features:
- Quality-of-service (QoS), including device and application port priority, ICMP rate-limiting, and QoS policies
- Dynamic assignment of per-port or per-user ACLs and QoS through RADIUS authentication designated as “IDM”, with or without the optional identity-driven management (IDM) application
- Mirroring policies, including switch configuration as an endpoint for remote intelligent mirroring
The policy enforcement engine is the hardware element in the switch that manages QoS, mirroring, and ACL policies, as well as other software features, using the rules that you configure. Resource usage in the policy enforcement engine is based on how these features are configured on the switch:
- Resource usage by dynamic port ACLs is determined as follows:
  - Dynamic port ACLs configured by a RADIUS server (with or without the optional IDM application) for an authenticated client determine the current resource consumption for this feature on a specified slot. When a client session ends, the resources in use for that client become available for other uses.
- When the following features are configured globally or per-VLAN, resource usage is applied across all port groups or all slots with installed modules:
- When the following features are configured per-port, resource usage is applied only to the slot or port group on which the feature is configured:
  - ACLs or QoS applied per-port or per-user through RADIUS authentication
  - ACLs applied per-port through the CLI using the ip access-group or ipv6 traffic-filter commands
  - QoS policies applied per port through the CLI using the service-policy command
  - Mirror policies applied per-port through the CLI using the monitor all service and service-policy commands
  - ICMP rate-limiting through the CLI using the rate-limit icmp command
- A 1:1 mapping of internal rules to configured policies in the switch does not necessarily exist. As a result, displaying current resource usage is the most reliable method for keeping track of available resources. Also, because some internal resources are used by multiple features, deleting a feature configuration may not increase the amount of available resources.
- Resource usage includes resources actually in use or reserved for future use by the listed features.
- "Internal dedicated-purpose resources" include the following features:
- The "Available" columns display the resources available for additional feature use.
- The "IDM" column shows the resources used for RADIUS-based authentication with or without the IDM option.
- "Meters" are used when applying either ICMP rate-limiting or a QoS policy with a rate-limit class action.
The switch has ample resources for configuring features and supporting RADIUS-authenticated clients (with or without the optional IDM application).
If the resources supporting these features become fully subscribed:
- The current feature configuration, RADIUS-authenticated client sessions, and VT instances continue to operate normally.
- The switch generates an event log notice to say that current resources are fully subscribed.
- Currently engaged resources must be released before any of the following actions are supported:
  - Modifying currently configured ACLs, IDM, VT, and other software features, such as Management VLAN, DHCP snooping, and dynamic ARP protection.
    You can modify currently configured classifier-based QoS and mirroring policies if a policy has not been applied to an interface. However, sufficient resources must be available when you apply a configured policy to an interface.
  - Acceptance of new RADIUS-based client authentication requests (displayed as a new resource entry for IDM).
    Failure to authenticate a client that presents valid credentials may indicate that insufficient resources are available for the features configured for the client in the RADIUS server. To troubleshoot, check the event log.
  - Throttling or blocking of newly detected clients with high rate-of-connection requests (as defined by the current VT configuration).
    The switch continues to generate Event Log notifications (and SNMP trap notification, if configured) for new instances of high-connection-rate behavior detected by the VT feature.